Restaurant’s Payment Malware Incident Spans Seven States

The company known as CM Ebar LLC, which is the parent operation of the 29-unit Elephant Bar restaurant chain, said Tuesday (Dec. 8) that customers who used credit cards to pay for their purchases between August and December of this year may have been the victims of a data breach.

The potential security flaw came through malware that had been placed on the company’s payment systems; that malware was discovered Nov. 3, the company said, as reported by Nation’s Restaurant News.

The Elephant Bar was acquired by Chalak Mitra Group, the owner of CM Ebar LLC. The acquisition took place in 2014, bringing Elephant Bar out of bankruptcy proceedings.

An unnamed representative told Nation’s Restaurant News that the possible breach touched 20 locations in California, with single-digit locations compromised in Arizona and Colorado and a single location in each of the remaining states in which the restaurant operates.

In its statement, the casual dining company said: “We believe the malware could have compromised payment card data — including name, payment card account number, card expiration date and verification code — of customers who used a payment card at the affected locations.” The hack did not include other types of data, such as Social Security numbers or addresses, according to Elephant Bar. But customers are, not surprisingly, urged to remain vigilant when viewing debit and credit card statements, with an eye cast toward unusual activity showing up on statements.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The May 2019 AML/KYC Tracker, provides an in-depth examination of current efforts to stop money laundering, fight fraud and improve customer identity authentication in the financial services space.


To Top